Win x64 LTSB registry corruption - FUBAR?

Discussion in 'Windows 10' started by reelism, Mar 27, 2018.

  1. reelism

    reelism MDL Novice

    May 26, 2015
    8
    1
    0
    Hey guys, with the esteemed info available here I got a customised Win10 running with Anniversary updates, store and all the crud turned off. Might have been my favourite Win experience to date!

    Yet I installed something I can't remember that seemed like malware (although multiple scans have shown nothing), it wouldn't boot, system restore didn't work, and I have been trying to fix it.

    I have multiple backups of hives, have tried everything from SFC to DISM to System Restore BCD repair (which has got me to the Win10 blue boot menu now giving a driver error).

    Any tips from here - have dual boot working, writing from Win7 now, full access to the Win10 separate SSD.

    Been searching but getting nowhere.

    Please don't tell me I should start again (I've done a LOT to this install), or should have disc img'd, just couldn't at time.

    Any suggestions re:
    Registry repair on hive files?
    Repair external Win10?
    Malware, rootkit, scans?
    Other?

    Thanks in advance!
     
  2. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,803
    463
    90
    Here's one: back up, clean install... the only way to be 100% sure that malware is gone.
     
  3. whitestar_999

    whitestar_999 MDL Senior Member

    Dec 9, 2011
    363
    141
    10
    Technically not 100% anymore. Seems like one among the recently discovered Ryzen vulnerabilities, even though it needs admin privilege/malicious BIOS/driver, may result in malware hidden inside the processor independent of the storage disk altogether, meaning no format/restore image/reinstall will remove it.
     
  4. ChaserLee

    ChaserLee MDL Senior Member

    Oct 7, 2014
    425
    91
    10
    #4 ChaserLee, Mar 27, 2018
    Last edited: Mar 27, 2018
    Yes, here are my 'other' suggestions:

    Life can be a tough teacher at times. But, as you now see, experience is the only way that some people learn. You now have experience to serve you in your future decisions. I selected a few parts of your post to bring to your attention.

    You have multiple backups of hives, but 'couldn't at time' make a system backup? I think that was an experience you can learn from. Macrium Reflect Free is your new friend. One of the most powerful backup utilities I have worked with, and absolutely free.

    You said 'been searching but getting nowhere...', well I venture to say you have probably spent more than 8 minutes in trying to resolve the problem you have. Do you realize that you could have backed up your system in under 5 minutes? Just saying....

    You said "Please don't tell me I should start again", ok, I won't. I will tell you that you are going to have to start again. As you are slowly starting to realize, there is no coming back from where you are now. But I expect you will continue to search, try things, get frustrated, until you reach the point where you finally admit defeat. But that's normal, and something I think most 'intense' users have experienced (including myself), before they gained their 'real life experience'.

    The thing to take away from all this is that even though you "done a LOT to this install" you did not do the most important thing. That was to safeguard all the hard work you put into your custom version of Windows. So when you get to the point where you start again, rebuilding from scratch your new custom version, I would strongly advise that instead of having the viewpoint of "just couldn't at time" make a system backup, you might consider adopting a new viewpoint of making it a habit of clicking one button, and letting a system backup be created in the background while you continue working. 5 minutes later you will have a golden guarantee that this will never happen to you again. You will never again find yourself realizing that you are 'F***ed Up Beyond Any Restore' . FUBAR indeed.

    It's a LOT easier than starting all over.. as you will see. Not preaching to you, only sharing my hard-learned experience.

    Best of wishes, and I sincerely mean that! (From someone who's been in your exact same shoes)
     
  5. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,803
    463
    90
    OP didn't say anything on HW, so we don't know if he or she's running a Ryzen processor.
     
  6. whitestar_999

    whitestar_999 MDL Senior Member

    Dec 9, 2011
    363
    141
    10
    I just meant it as a piece of info. Now it can not be technically claimed that "formatting/reinstalling/good image restore will 100% remove any malware under any condition". Of course practically it is still the sure shot way of getting rid of any malware. I like to think of it as a disclaimer. :)
     
  7. reelism

    reelism MDL Novice

    May 26, 2015
    8
    1
    0
    No Ryzen @MS_User

    Yes I GET I should have, thanks for measured advice @ChaserLee .

    When I say I couldn't, I was hoping you'd take my word for it - I didn't actually have the 46 GB of storage available at the time - working remotely on a video project, and then sudden FUBAR.
    Y'know, s**t happens.
    Did have Win 7 x64 dual boot as backup, so credit where credit's due ;) .

    It's hard to believe in 2018 there's no tool to scan and repair an external registry, or individual hive files (I can load them, I just don't know how to repair them, and can't find anything automated).
    Been searching, tried various bootable ISOs, but beyond scans (which revealed nothing), BCD, SFC (done) and DISM repairs (which I have done), I haven't known what other options there are.

    Am I missing something here?
    Any tips for repairing remotely? It seemed that ImageHealth.cmd would do the trick, repairing a remote Win 10 install, DISM, etc., but I'm getting consistent errors on that - it doesn't seem to register, or work, on an external Windows.

    EDIT: In a stunning realisation the .wim I was using for DISM, wasn't LTSB, so y'know, that could have had something to do with it not repairing :p .
     
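    The offline servicing steps the thread keeps circling (check the build of the external install, confirm the .wim actually matches it, then run DISM and SFC against the other SSD) in one script. This is an added example, not something posted in the thread or shipped with any tool mentioned here. The drive letters, the install.wim path and the WIM index are assumptions; adjust them to your layout. One caveat the thread does not state: DISM can only service images no newer than itself, so this must be run from Windows 10 boot media / WinRE or with a Windows 10 ADK DISM, not with the DISM that ships in Windows 7.

```powershell
# Added example (not from the thread): offline servicing of a second Windows 10
# install from another Windows environment. Run elevated, from Windows 10
# boot media/WinRE or with a Windows 10 ADK DISM (a Win7 DISM cannot service
# a Win10 image). All paths below are assumptions for illustration.

$Offline = 'D:'                          # assumed: the Win10 SSD as seen from here
$Wim     = 'E:\sources\install.wim'      # assumed: install.wim of the SAME build/edition
$Index   = 1                             # assumed: index of the matching edition in that WIM

# 1. Read the offline build from its SOFTWARE hive (reg load, as the OP already does),
#    so the WIM you pick can be compared against it rather than guessed.
$mount = 'HKLM\OffSoft'
reg load $mount "$Offline\Windows\System32\config\SOFTWARE" | Out-Null
try {
    $cv = Get-ItemProperty 'HKLM:\OffSoft\Microsoft\Windows NT\CurrentVersion'
    "Offline image: $($cv.ProductName) $($cv.ReleaseId) build $($cv.CurrentBuild) edition $($cv.EditionID)"
} finally {
    [GC]::Collect()                      # drop handles so the unload does not fail with 'in use'
    reg unload $mount | Out-Null
}

# 2. Show what the WIM really contains. A build/edition mismatch (the OP's
#    LTSB .wim against a 1709 install) is why /RestoreHealth finds no usable source.
& dism.exe /Get-WimInfo "/WimFile:$Wim" "/Index:$Index"

# 3. Snapshot the live hives before any repair touches them (cheap insurance).
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$bak   = "$Offline\HiveBackup-$stamp"    # assumed backup location
New-Item -ItemType Directory -Path $bak | Out-Null
Copy-Item "$Offline\Windows\System32\config\*" -Include SYSTEM,SOFTWARE,SAM,SECURITY,DEFAULT -Destination $bak

# 4. Windows 10 up to and including 1709 kept automatic hive copies in RegBack
#    (the RegIdleBackup task). Their timestamps tell you whether a known-good set
#    predates the breakage; swapping them in is a manual decision, so only list them.
Get-ChildItem "$Offline\Windows\System32\config\RegBack" | Select-Object Name, Length, LastWriteTime

# 5. Component-store repair of the offline image, sourcing only from the WIM
#    (/LimitAccess keeps it from reaching for Windows Update).
$src = "WIM:${Wim}:${Index}"
& dism.exe "/Image:$Offline\" /Cleanup-Image /RestoreHealth "/Source:$src" /LimitAccess

# 6. Then verify and repair protected system files of the offline install.
& sfc.exe /scannow "/offbootdir=$Offline\" "/offwindir=$Offline\Windows"
```

    Step 4 is information only: it shows you what is there. If a RegBack set clearly predates the bad install, copying it over the live hives (after step 3 has saved the current ones) is the nearest thing to an "offline registry repair" that exists, because it restores a consistent hive set rather than trying to patch a damaged one.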
  8. ChaserLee

    ChaserLee MDL Senior Member

    Oct 7, 2014
    425
    91
    10
    I knew that from your statement of you had "Win10 running with Anniversary updates". There was no Anniversary update for LTSB. I just figured that you had made a typo. Anyway, I know you will continue to search and try things... it's inevitable. And you are most welcome for the advice... keep it if you like, or throw it out the window if you have no use for it.
     
  9. reelism

    reelism MDL Novice

    May 26, 2015
    8
    1
    0
    Yes, sorry, I'd forgotten I updated to Enterprise 1709 (regedit change) from LTSB. So, yeah, 1709 is the appropriate ISO.

    I'll give it one last shot, then bite the bullet.

    So - no offline registry repair options?
    Nothing?
     
  10. halasz

    halasz MDL Member

    Jan 13, 2013
    108
    31
    10
    There is no such thing as a registry repair.

    If you think about it even for a second it is absurd - this imaginary product would have to somehow guess what was correct (accounting for all of the 450 or more third party software packages available on Windows presumably) and what was you buggering around. And then decide what to do.

    Give up, reinstall and put your changes in a batch file - then next time it will be quicker.
     
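    What the "put your changes in a batch file" advice looks like in practice, as an added example (not posted in the thread): a rebuild script that keeps every customisation in one list, takes a restore point and exports the keys it is about to touch before applying anything, and applies the list idempotently so it can be re-run after every reinstall. The three tweaks are the documented Group Policy registry equivalents for turning off the Store and consumer content and minimising telemetry (the kind of "crud turned off" the OP describes); the backup folder name is an assumption.

```powershell
# Added example (not from the thread): re-apply registry customisations from a
# list, snapshotting first so the next mishap is a rollback instead of a reinstall.
# Run elevated. Tweak list is illustrative; extend it with your own entries.
#Requires -RunAsAdministrator

# Every change you want to survive a rebuild lives here, not in your memory.
$Tweaks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore';           Name = 'RemoveWindowsStore';             Type = 'DWord'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent';   Name = 'DisableWindowsConsumerFeatures'; Type = 'DWord'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'; Name = 'AllowTelemetry';                 Type = 'DWord'; Value = 0 }
)

$Stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$Backup = Join-Path $env:SystemDrive "RegRebuild-$Stamp"   # assumed backup location
New-Item -ItemType Directory -Path $Backup -Force | Out-Null

# 1. System Restore checkpoint (only works if System Protection is on for the drive).
try {
    Checkpoint-Computer -Description "Before RegRebuild $Stamp" -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
} catch {
    Write-Warning "No restore point created: $_"
}

# 2. Export every key we are about to touch; a bad tweak is then one 'reg import' away from undone.
$Tweaks | ForEach-Object { $_.Path } | Sort-Object -Unique | ForEach-Object {
    $regPath = $_ -replace '^HKLM:\\', 'HKLM\'
    $file    = Join-Path $Backup (($regPath -replace '[\\:]', '_') + '.reg')
    if (Test-Path $_) {
        reg export $regPath $file /y | Out-Null
    } else {
        # Record that the key was absent, so 'undo' means delete rather than import.
        "absent before this run: $regPath" | Set-Content ($file + '.absent')
    }
}

# 3. Apply idempotently: create the key if missing, write the value only if it differs.
foreach ($t in $Tweaks) {
    if (-not (Test-Path $t.Path)) { New-Item -Path $t.Path -Force | Out-Null }
    $current = (Get-ItemProperty -Path $t.Path -Name $t.Name -ErrorAction SilentlyContinue).($t.Name)
    if ($current -ne $t.Value) {
        New-ItemProperty -Path $t.Path -Name $t.Name -PropertyType $t.Type -Value $t.Value -Force | Out-Null
        "set  $($t.Path)\$($t.Name) = $($t.Value)"
    } else {
        "ok   $($t.Path)\$($t.Name) already $($t.Value)"
    }
}
"Backups written to $Backup"
```

    Keeping the list in the script rather than applying tweaks by hand in regedit is the whole point: after a reinstall (or after restoring the image ChaserLee keeps recommending) the same file rebuilds the customised state in minutes, and the exported .reg files tell you exactly which keys the script changed if one of them ever turns out to be the culprit.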
  11. reelism

    reelism MDL Novice

    May 26, 2015
    8
    1
    0
    Alright, got it.

    Any tips on mentioned batch file?